On Mon, May 28, 2007 at 04:23:51AM -0700, coderman wrote:
> On 5/28/07, Steven Murdoch <[EMAIL PROTECTED]> wrote:
> >...
> >I do think that a global passive adversary is stronger than the real
> >world situation. For example, such an adversary could read traffic
> >between two computers in my office, which I suspect is outside of the
> >NSA's capabilities, unless I were targeted for special attention.
>
> thanks for the clarification. i tend to forget that the "passive
> adversary" applies to all network communication, not just internet
> links across isp's, countries, and oceans...
>

As the person (or one of the people?) who first started to complain about the GPA I thought I should note that my objections were against both adjectives, global and passive. A global adversary is too strong, even if you do limit to just the internet links. I don't think that is quite as strong a statement as when I first made it many years ago: (1) the line of work that prompted this thread shows that if it's too strong to posit a truly global adversary, the scope of a potential realistic adversary is pretty large indeed. (2) relatedly, underlying layer networks change over time, lots of consolidating. Some things seem more feasible...

Anyway, the main reason I'm writing is that my objection was not just that the GPA was too strong but that it was too weak. Thinking you could have an adversary powerful enough to monitor all the links necessary to watch your whole large network but not able to do any active traffic shaping at all anywhere seems obviously nuts. This is one reason why padding on an open low-latency (lossless) network is problematic: an adversary with any active capability at all can induce a timing channel easily.

aloha,
Paul

